DavidGB
newbie
Topic Author
Posts: 45
Joined: Fri Sep 14, 2018 9:22 pm

Port Forwarding

Tue Feb 11, 2020 2:28 pm

Hi,

I've allowed access to a server on my home network by dstnat because VPN is not easy for my family to share NAS media (I know it is safer with VPN).
Is there any way to control this open port connection? How can I add IPs that attack this port to a blacklist?

Thanks
Last edited by DavidGB on Tue Feb 11, 2020 3:11 pm, edited 1 time in total.
 
mkx
Forum Guru
Posts: 13135
Joined: Thu Mar 03, 2016 10:23 pm

Re: Port Forwarding

Tue Feb 11, 2020 2:39 pm

I'd suggest you rather whitelist a few remote IP addresses from which you allow access.

Create address list (in /ip firewall address-list), populate it with whitelisted IP addresses, and change your NAT rule to include src-address-list=<name of whitelist>.

Your thought is the other way around with a problem: how do you identify an attacker?
 
DavidGB
newbie
Topic Author
Posts: 45
Joined: Fri Sep 14, 2018 9:22 pm

Re: Port Forwarding

Tue Feb 11, 2020 3:14 pm

> I'd suggest you rather whitelist a few remote IP addresses from which you allow access.
>
> Create address list (in /ip firewall address-list), populate it with whitelisted IP addresses, and change your NAT rule to include src-address-list=<name of whitelist>.
>
> Your thought is the other way around with a problem: how do you identify an attacker?

I understand this,

But almost all IPs are dynamic, and if I want to access with a mobile phone from a 4G connection, how can I add it to the whitelist? Is it possible?
 
mkx
Forum Guru
Posts: 13135
Joined: Thu Mar 03, 2016 10:23 pm

Re: Port Forwarding

Tue Feb 11, 2020 4:55 pm

In that case it's not possible to create a whitelist.

Another possibility is to implement port knocking. This way one opens access to protected service from anonymous remote IP address if that person knows "how to knock on doors". I've heard there are useful apps (for client side) for all favourite OSes (including smart phones).
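
The two suggestions in this thread combined into one RouterOS configuration, as an added example that is not part of the original posts: a source address list restricts the dstnat rule, and a two-step port knock adds dynamic clients to that list for a limited time. The interface name, NAS address, ports and list names are all assumptions chosen for illustration.

```routeros
# Added example; all names, addresses and ports below are assumptions:
# WAN interface ether1, NAS at 192.168.88.10:443, published on WAN port 8443,
# knock ports 7001 then 7002, address lists "knock-stage1" and "nas-allowed".

# Fixed remote addresses can be whitelisted permanently
# (203.0.113.25 is a documentation address, replace with a real one).
/ip firewall address-list
add list=nas-allowed address=203.0.113.25 comment="static whitelist entry"

# Port knocking for clients with dynamic addresses (e.g. a phone on 4G).
# These rules must sit above any drop rule in the input chain, otherwise
# the knock packets are discarded before they are seen.
/ip firewall filter
add chain=input in-interface=ether1 protocol=tcp dst-port=7001 \
    connection-state=new action=add-src-to-address-list \
    address-list=knock-stage1 address-list-timeout=15s \
    comment="knock 1: remember source for 15 s"
add chain=input in-interface=ether1 protocol=tcp dst-port=7002 \
    connection-state=new src-address-list=knock-stage1 \
    action=add-src-to-address-list address-list=nas-allowed \
    address-list-timeout=4h \
    comment="knock 2: only counts after knock 1, whitelist for 4 h"

# The port forward only matches sources that are on the whitelist.
# Remove or disable the earlier unrestricted dstnat rule for the same port.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=8443 \
    src-address-list=nas-allowed action=dst-nat \
    to-addresses=192.168.88.10 to-ports=443 \
    comment="NAS forward, whitelisted sources only"
```

Entries added by the knock expire on their own, so the whitelist does not grow without bound. The knock sequence is visible to anyone who can observe the traffic, so the NAS still needs its own authentication.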